- Business Systems House was violated in September
- It’s a business partner for ADP serving Broadcom at one point
- Now appears sensitive broad files to have occurred on the dark web
Customers of the global semiconductor giant Broadcom have got their sensitive data leaked on the dark web following a two -stage supply attack. Apparently a company called Business Systems House (BSH), a service provider of Human Capital Management (HCM) from the Middle East, a ransomware attack in September 2024, where a group known as El Dorado (later redirected as Blacklock), stole its files.
This company is a business partner for payroll company ADP, which again worked with Broadcom. In fact, the chip giant was in the process of changing wage providers when the incident happened, which means it almost avoided the bullet.
In December 2024, however, the two companies discovered the stolen data on the Internet. “Because the data taken by the criminal actor was in an unstructured format that definitively determined which employees were affected and for each employee, which data fields were revealed, it was a long -lasting process for BSH/ADP and this information was not made available to Broadcom until May 12, 2025,” it was explained.
El Dorado or Blacklock
According to Registeredthat first broke the story, attackers removed the following data:
- National ID numbers
- National Health Insurance -Id -The Numbers
- Health Insurance Policy/ID Numbers
- Financial account numbers
- Dates of birth
- Salary information
- Date of the end of employment
- Personal E -Mail addresses
- Personal phone numbers
- Home addresses
Broadcom urged everyone to turn on MFA and all other security settings provided by their financial institutions. In addition, it warned users to monitor their financial items.
You will be forgiven for not knowing who El Dorado is. It is a relatively new ransomware operation that emerged in March 2024 and already transformed into Sortlock. The files that were stolen from Broadcom were also placed on the black lock -leakage space. Allegedly, the group consists of Russian-speaking individuals.
Broadcom serves a wide range of customers across different industries, including technology, finance, healthcare and telecommunications. Some of the biggest names include Apple, Samsung, Cisco, British Airways and many others. ADP, Registered Requirements are no worse, but so far no one reported to have lost data.
Via Registered
